CVE-2024-25734

Published: Mar 27, 2024Modified: Nov 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.

Affected (1)

Products: Wyrestorm: Apollo Vx20 Firmware

Wyrestorm

1 product

Apollo Vx20 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wyrestorm Apollo Vx20 Firmware	Before 1.3.58

Running on/with	Platform Versions
Wyrestorm Apollo Vx20	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (5)

http://packetstormsecurity.com/files/177081

Source: cve@mitre.org

ExploitVDB Entry

https://hyp3rlinx.altervista.org

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/177081

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVDB Entry

http://seclists.org/fulldisclosure/2024/Feb/9

Source: af854a3a-2127-422b-91ae-364da2661108

https://hyp3rlinx.altervista.org

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.